class UserProfilesController < ApplicationController
  # GET /user_profiles
  # GET /user_profiles.json
  before_filter :authenticate_user!, :except => :show
  def index
    if session[:user].role != "admin"
      redirect_to homepage_url
    else
      @user_profiles = UserProfile.all

      respond_to do |format|
        format.html # index.html.erb
        format.json { render json: @user_profiles }
      end
    end
  end

  # GET /user_profiles/1
  # GET /user_profiles/1.json
  def show
    @user_profile = UserProfile.find_by_user_id(params[:id])

    respond_to do |format|
      format.html # show.html.erb
      format.json { render json: @user_profile }
    end
  end

  # GET /user_profiles/new
  # GET /user_profiles/new.json
  def new
    if session[:user].role != "admin"
      redirect_to homepage_url
    else
      @user_profile = UserProfile.new

      respond_to do |format|
        format.html # new.html.erb
        format.json { render json: @user_profile }
      end
    end
  end

  # GET /user_profiles/1/edit
  def edit
    if session[:user].role == "member" && session[:user].id != UserProfile.find(params[:id]).user_id
      redirect_to homepage_url
    else
      @user_profile = UserProfile.find(params[:id])
      @user=User.find(@user_profile.user_id)
      @user_profile.email = @user.email
      @user_profile.password = nil
    end
  end

  # POST /user_profiles
  # POST /user_profiles.json
  def create
    if session[:user].role != "admin"
      redirect_to homepage_url
    else
      @user_profile = UserProfile.new(params[:user_profile])

      respond_to do |format|
        if @user_profile.save
          format.html { redirect_to @user_profile, notice: 'User profile was successfully created.' }
          format.json { render json: @user_profile, status: :created, location: @user_profile }
        else
          format.html { render action: "new" }
          format.json { render json: @user_profile.errors, status: :unprocessable_entity }
        end
      end
    end
  end

  # PUT /user_profiles/1
  # PUT /user_profiles/1.json
  def update
    if session[:user].role == "member" && session[:user].id != UserProfile.find(params[:id]).user_id
      redirect_to homepage_url
    else
      @user_profile = UserProfile.find(params[:id])
      respond_to do |format|
        @user=User.find(@user_profile.user_id)
        if @user!=nil
          a= @user.id != session[:user].id
          b= @user.valid_password?(params[:user_profile][:password])
          @user.email=params[:user_profile][:email]
          if !a
            if b
              if @user_profile.update_attributes(params[:user_profile])
                #@user.email=params[:user_profile][:email]
                @user.save
                format.html { redirect_to user_profile_url(@user_profile.user_id), notice: 'User profile was successfully updated.' }
                format.json { head :no_content }
              else
                format.html { render action: "edit" }
                format.json { render json: @user_profile.errors, status: :unprocessable_entity }
              end
            else
              format.html { render action: "edit"}
              @notice="Wrong Password"
              format.json { render :json=> @notice }
            end
          else
          #ko can valid pass
            if @user_profile.update_attributes(params[:user_profile])

              @user.save
              format.html { redirect_to managerusers_url, notice: 'User profile was successfully updated.' }
              format.json { head :no_content }
            else

              format.html { render "manageruser/edit" }
              format.json { render json: @user_profile.errors, status: :unprocessable_entity }
            end
          end
        end
      end
    end
  end

  # DELETE /user_profiles/1
  # DELETE /user_profiles/1.json
  def destroy
    if session[:user].role != "admin"
      redirect_to homepage_url
    else
    @user_profile = UserProfile.find(params[:id])
    @user_profile.destroy

    respond_to do |format|
      format.html { redirect_to user_profiles_url }
      format.json { head :no_content }
    end
  end
  end
end
